Wenbing XIE,Xiaodong MA,Zhongsheng LI,Xiamu NIU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1407-0160

2016-01-01

Abstract:Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method.

Sun Ding,Hee Beng Kuan Tan,Kaiping Liu,Mahinthan Chandramohan,Hongyu Zhang

DOI: https://doi.org/10.1109/COMPSACW.2012.103

2012-01-01

Abstract:Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerability, though flow sensitive based approaches offer higher precision but they are limited by heavy overhead and the fact that many constraints are unsolvable. We propose a novel method to efficiently detect vulnerable buffer overflows in any given control flow graph through recognizing two patterns. The proposed approach first uses syntax analysis to filter away those branches that cannot possibly comply with any of the two patterns before applying a limited symbolic evaluation for a precise matching against the patterns. The proposed approach only needs to evaluate a limited set of selected branch predicates according to the patterns and avoids the need to deal with a large number of general branch predicates. This significantly improves the scalability while not sacrificing the detection precision. Our experiments demonstrate the scalability and efficiency of the proposed method, which demonstrates its applicability.

Tao Ye,Lingming Zhang,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/ICST.2016.21

2016-01-01

Abstract:Buffer overflow is one of the most common types of software security vulnerabilities. Although researchers have proposed various static and dynamic techniques for buffer overflow detection, buffer overflow attacks against both legacy and newly-deployed software systems are still quite prevalent. Compared with dynamic detection techniques, static techniques are more systematic and scalable. However, there are few studies on the effectiveness of state-of-the-art static buffer overflow detection techniques. In this paper, we perform an in-depth quantitative and qualitative study on static buffer overflow detection. More specifically, we obtain both the buggy and fixed versions of 100 buffer overflow bugs from 63 real-world projects totalling 28 MLoC (Millions of Lines of Code) based on the reports in Common Vulnerabilities and Exposures (CVE). Then, quantitatively, we apply Fortify, Checkmarx, and Splint to all the buggy versions to investigate their false negatives, and also apply them to all the fixed versions to investigate their false positives. We also qualitatively investigate the causes for the false-negatives and false-positives of studied techniques to guide the design and implementation of more advanced buffer overflow detection techniques. Finally, we also categorized the patterns of manual buffer overflow repair actions to guide automated repair techniques for buffer overflow. The experiment data is available at http://bo-study.github.io/Buffer-Overflow-Cases/.

Yimin Xia,Jun Luo,Minxuan Zhang

DOI: https://doi.org/10.1007/11599555_32

2005-01-01

Abstract:Accessing an out-of-bounds memory address can lead to nondeterministic behaviors or elusive crashes. Static analysis can detect memory access errors from program source codes without runtime overhead, but existing techniques are either very imprecise or exponential cost. This paper proposes a precise and effective method to detect memory access errors. Firstly, it generates a state for each statement with a flow-sensitive, inter-procedural algorithm. A state includes not only range constraints like the traditional range analysis, but also occurrence conditions of the range constraints. Secondly, it solves states of memory access statement to evaluate the sizes of accessed memory bounds. The costs of state generation and state resolution are polynomial. We have implemented a prototype of the analysis method. Applied to 7 popular programs, the prototype found 40 memory access errors with a high precision of 80%.

CHEN Shikun,LI Zhoujun,HUANG Yonggang,XING Jianying

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.z2.016

2009-01-01

Abstract:Buffer overflows are the main source of security issues in C programs.This paper presents a SAT-based technique to identify buffer overflows in C source codes using a source-to-source transformation which adds some statements into the source code to model the buffer properties, with some asserts to describe the buffer overflows.Then, the asserts are checked by SAT tools.This technique was used to automatically identify buffer overflows in source codes in 1 164 code fragments from a publicly available benchmark.Tests show that the system accurately located buffer overflow vulnerabilities in these programs with zero false alarms and an omission rate of only 2.08%.

Peng Luo,Deqing Zou,Yajuan Du,Hai Jin,Changming Liu,Jinan Shen

DOI: https://doi.org/10.1016/j.cose.2019.101616

IF: 5.105

2019-01-01

Computers & Security

Abstract:Buffer overflow (BoF) is one of the most dangerous security vulnerabilities. A BoF can be induced by functions, such as the memcpy family, or loops with pointer or array operations. Static detection of BoF is a well-defined method and often performed before system deployment. However, most of previous static techniques either detect the BoFs induced by functions or analyze simple loops that induce BoFs, such as the single loop with a single loop variable. In order to clearly understand the impact of loops on BoF, we perform an empirical study on real-world BoFs detected in the past three years, including 211 BoFs from 60 open-source systems, and find that about a third of these BoFs are induced by loops. Motivated by this observation, we propose a novel static detection technique, DBloop, to localize BoFs induced by loops. The key of DBloop is to get the extremum length of data-movement on the buffer by analyzing target loops and then check whether the buffer overruns using constraint solving. We have implemented DBloop with CIL, and evaluated it on real-world programs detection by comparing with a commercial tool, Checkmarx, and an open-source tool, Splint. DBloop successfully localizes 57 BoFs induced by loops, while Checkmarx and Splint only detect 4 and 3, respectively. Moreover, DBloop has detected 4 new BoFs that have not been reported before.

Qiang Zeng,Mingyi Zhao,Peng Liu

DOI: https://doi.org/10.1109/dsn.2015.54

2015-06-01

Abstract:For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named HeapTherapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in realtime. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated HeapTherapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006); it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

ZHANG Mingjun,LUO Jun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.18.015

2005-01-01

Abstract:The paper presents an extended flow-insensitive pointer analysis algorithm used in statical buffer overflow analysis,which translates the control flow graph (CFG) into static single assignment(SSA),repeated calls a flow-insensitive pointer analysis and then generates precise point-to set for each pointer variable.Finally,it updates the constraint information in the define-use chain of pointer variable.The paper implements the algorithm in LLVM compiler system and measures the analysis result and times for a set of benchmark programs.The empirical results show that the result is as good as the flow-sensitive analysis but efficiency is higher than flow-sensitive analysis.

Hui HUANG,Yuliang LU,Lintao LIU,Jun ZHAO

DOI: https://doi.org/10.3969/j.issn.0253-2778.2015.07.006

2015-01-01

Journal of University of Science and Technology of China

Abstract:Limited by incomplete call graph analysis and path feasibility analysis ,current static integer overflow defect detection methods generally return results with high false positives . To reduce this inefficiency ,aiming at automatic exploration of the external input triggering integer overflow defects ,a new source code oriented detection method was proposed combining call graph analysis , static taint analysis and static symbolic execution ,in which a field‐sensitive and flow‐sensitive pointer analysis method was proposed for constructing an over‐approximation of the target program’s real call graph ,with a static taint‐sink propagation analysis carried out for calculating the potential external input reachable integer overflow defects , on which flow‐sensitive static symbolic execution is conducted to reduce the false positives introduced by the detection system through justifying the satisfiability of the corresponding defect constraint . Experiments prove the effectiveness of the methodin real‐world integer overflow defect detection and false alarm reduction .

XIA Chao,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.22.065

2008-01-01

Abstract:This paper proposes a method to detect buffer-overflow vulnerabilities for executables.Combining dynamic analysis and static analysis, it makes further detection of buffer-overflow vulnerabilities.Static methods mainly deal with the internal semantic relationship of assembly instructions and the properties of a function's stack frame for executables.Dynamic emulation provides a virtual run-time environment,which enables the program to combine its static properties while virtually executed,and then it can get the function's semantic results on buffer manipulation,and determine whether there is a buffer-overflow vulnerability.

Feng-Juan Gao,Yu Wang,Lin-Zhang Wang,Zijiang Yang,Xuan-Dong Li

DOI: https://doi.org/10.1007/s11390-020-0525-z

IF: 1.871

2020-01-01

Journal of Computer Science and Technology

Abstract:Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools.

Sun Ding,Hee Beng Kuan Tan,Hongyu Zhang

DOI: https://doi.org/10.5220/0004888000490059

2014-01-01

Abstract:Buffer overflow vulnerability is one of the commonly found significant security vulnerabilities. This vulnerability may occur if a program does not sufficiently prevent input from exceeding intended size or accessing unintended memory locations. Researchers have put effort in different directions to address this vulnerability, including creating a run-time defence mechanism, proposing effective detection methods or automatically modifying the original program to remove the vulnerabilities. These techniques share many commonalities and also have differences. In this paper, we characterize buffer overflow vulnerability in the form of four patterns and propose ABOR--a framework that integrates, extends and generalizes existing techniques to remove buffer overflow vulnerability more effectively and accurately. ABOR only patches identified code segments; thus it is an optimized solution that can eliminate buffer overflows while keeping a minimum runtime overhead. We have implemented the proposed approach and evaluated it through experiments on a set of benchmarks and three industrial C/C++ applications. The experiment result proves ABORâ s effectiveness in practice.

张实睿,许蕾,徐宝文

DOI: https://doi.org/10.3969/j.issn.1003-7985.2009.02.016

2009-01-01

Abstract:A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.

ZHANG Jun-xian,LI Zhou-jun

DOI: https://doi.org/10.13190/j.jbupt.2016.s.012

2016-01-01

Abstract:Buffer overflow is a source of many security problems in C programs. A new tool named Path-Checker to detect buffer overflows in C codes using dynamic symbolic execution method is proposed. PathChecker uses quantifier-free predicate formulas to describe the safety properties of buffer access oper-ations and check these properties using a SMT solver. Experimental results show the effectiveness of this tool which is very easy to extend to check other safety properties.

Xiangkun Jia,Chao Zhang,Purui Su,Yi Yang,Huafeng Huang,Dengguo Feng

2017-01-01

Abstract:Heap overflow is a prevalent memory corruption vulnerability, playing an important role in recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many state-of-art solutions focus on runtime detection, requiring abundant inputs to explore program paths in order to reach a high code coverage and luckily trigger security violations. It is likely that the inputs being tested could exercise vulnerable program paths, but fail to trigger (and thus miss) vulnerabilities in these paths. Moreover, these solutions may also miss heap vulnerabilities due to incomplete vulnerability models.In this paper, we propose a new solution HOTracer to discover potential heap vulnerabilities. We model heap overflows as spatial inconsistencies between heap allocation and heap access operations, and perform an indepth offline analysis on representative program execution traces to identify heap overflows. Combining with several optimizations, it could efficiently find heap overflows that are hard to trigger in binary programs. We implemented a prototype of HOTracer, evaluated it on 17 real world applications, and found 47 previously unknown heap vulnerabilities, showing its effectiveness.

Rui Ma,Yiming Yan,Long Wang,Changzhen Hu,Jingfeng Xue

2016-01-01

Abstract:Buffer overflow vulnerability is currently one of the most serious software security vulnerabilities. Taking effective methods to detect buffer overflow vulnerabilities is of great significance to improve the robustness and security of software. After analyzing the principle of buffer overflow and various buffer overflow vulnerabilities, as well as comparing static with dynamic detection techniques, this paper presents a static detection method for buffer overflow based on abstract syntax tree, especially for vulnerabilities caused by string accessing of C source code. The proposed method first generates an abstract syntax tree for the source code by using the GCC compiler, and collects the characteristics of vulnerability by analyzing AST nodes. For the nodes associated with the buffer overflow, the method further gives a formal description of that characteristic so as to generate security attributed and constraint rules. By traversing the abstract syntax tree, the proposed method finally determines whether buffer overflow vulnerability exists in the source code. Experiments with 12 C programs were carried out on the Windows platform, and each program has been discovered at least one typical buffer overflow vulnerability. The experimental results highlight the feasibility and effectiveness of the proposed method, especially in the detecting out of range for a pointer, an array, and a structure object, as well as the buffer overflow vulnerability caused by some C library function calls.

Tieyun BAO,Fengjuan GAO,Yan ZHOU,You LI,Linzhang WANG,Xuandong LI

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.005

2016-01-01

Abstract:Buffer overflow vulnerability is a kind of serious security defect. Currently there are dynamic and static ap-proaches to detect buffer overflow. The effectiveness of Dynamic tools depends on design of test case, and they often in-troduce execution overhead. Static program analysis techniques have been widely used in buffer overflow detection, which often report a large number of false warnings. Manual validating the results of static analysis is time consuming and er-ror-prone, which severely limits the usefulness of static analysis tools. Symbolic execution is a promising software testing and analysis technology, which systematically explore execution space of test program and generates test cases with high coverage. In this paper we propose a novel approach for automatic buffer overflow warnings validating based on symbolic execution.Our approach is consist of three steps:firstly detect the reachability of statements in static analysis path segment in inter procedural control flow graph and map the static path segment sets to complete path sets which are used to be val-idated;secondly guide the symbolic execution so that we only focus on the execution paths that cover the buffer overflow warnings generated by static program analysis through pruning useless path; finally construct warning path constraints according to buffer overflow vulnerability models at suspicios statements and classify results depend on the output of con-straint solver. Based on the proposed technique we implemented a prototype tool BOVTool and our experimental results on real open source programs show that the percentage of false warnings which do not need to be manually validated is 59.9%on average.

Fengjuan Gao,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1145/2970276.2970282

2016-01-01

Abstract:Buffer overflow is one of the most common types of software vulnerabilities. Various static analysis and dynamic testing techniques have been proposed to detect buffer overflow vulnerabilities. With automatic tool support, static buffer overflow detection technique has been widely used in academia and industry. However, it tends to report too many false positives fundamentally due to the lack of software execution information. Currently, static warnings can only be validated by manual inspection, which significantly limits the practicality of the static analysis. In this paper, we present BovInspector, a tool framework for automatic static buffer overflow warnings inspection and validated bugs repair. Given the program source code and static buffer overflow vulnerability warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector fix it with three predefined strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically inspect on average of 74.9% of total warnings, and false warnings account for about 25% to 100% (on average of 59.9%) of the total inspected warnings. In addition, the automatically generated patches fix all target vulnerabilities. Further information regarding the implementation and experimental results of BovInspector is available at http://bovinspectortool.github.io/project/. And a short video for demonstrating the capabilities of BovInspector is now available at https://youtu.be/IMdcksROJDg.

Donghai Tian,Xi Xiong,Changzhen Hu,Peng Liu

DOI: https://doi.org/10.1007/978-3-642-18178-8_34

2010-01-01

Abstract:Nowadays Buffer overflow attacks are still recognized as one of the most severe threats in software security. Previous solutions suffer from limitations in that: 1) Some methods based on compiler extensions have limited practicality because they need to access source code; 2) Other methods that need to modify some aspects of the operating system or hardware require much deployment effort; 3) Almost all methods are unable to deploy a runtime protection for programs that cannot afford to restart. In this paper, we propose PHUKO, an on-the-fly buffer overflow prevention system which leverages virtualization technology. PHUKO offers the protected program a fully transparent environment and an easy deployment without the need to restart the program. The experiments show that our system can defend against realistic buffer overflow attacks effectively with moderate performance overhead.

Minglei SHANG,Hao HUANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.12.014

2005-01-01

Abstract:The principle of buffer overflow and overflow string are analyzed.Then several typical real-time buffer overflow attacks detectionmethods are analyzed.At last, a real-time buffer overflow attack detection approach based on system calls is presented.This approach adds mandatoryaccess control to original system call function by the means of hijacking system calls.In the way of monitoring illegal system calls,it can detect andprevent various buffer overflow attacks of improving priviledge.